Presentation is loading. Please wait.

Presentation is loading. Please wait.

TCP/IP Internetworking

Published byEileen Annabelle Turner Modified over 5 years ago

Similar presentations

Presentation on theme: "TCP/IP Internetworking"— Presentation transcript:

1 TCP/IP Internetworking
(February 3, 2016) © Abdou Illia – Spring 2016

2 Security Goals Main security goals: Confidentiality of communications and proprietary information Integrity of corporate data Availability of network services and resources CIA Authenticity: ensuring that the data, transactions, communications or documents are genuine. Also validating that both parties involved are who they claim to be. Non-repudiation: Ensuring that one party of a transaction cannot deny having received a transaction nor can the other party deny having sent a transaction.

3 TCP/IP and Security Goals
Understanding TCP/IP helps understand: Technical aspects of systems attacks like: Attack Messages’ structure Attack Messages’ content What makes attack messages dangerous How defense tools are designed and configured to meet security goals.

4 The TCP/IP (or Internet) Model
4 or 5 layers Interface layer – represents network adapters, modems, etc. Network layer – responsible of identifying sender/receiver Transport layer – deals with managing data transport issues Application layer – represents user’s interface/ network applications Application layer Transport layer Network layer Interface layer Data Link Physical

5 Protocols Used in TCP/IP
Layers Applications/Protocols Application Webservice: HTTP SMTP (Simple Mail Transfer Protocol), POP (Post Office Protocol), IMAP (Internet Message Access Protocol) Telnet applications: Terminal Emulation Protocol File transfer: FTP Transport TCP (Transmission Control Protocol). Required in webservice when HTTP is used Required in Mailservice when SMTP is used. SMTP messages are encapsulated in TCP segments Connection-oriented: Establishes and maintains connections before sending. Close connections after transmission. Correct errors in TCP segments. UDP (User Datagram Protocol) Connectionless: Don’t open connection. Simply sends. Discards incorrect UDP datagrams (no retransmission) Network IP (Internet Protocol) Interface PPP (Point-to-Point Protocol) V.90 for 56 Kbps modems

6 Layered Communications: Encapsulation – De-encapsulation
Application programs on different computers cannot communicate directly There is no direct connection between them! They need to use an indirect communication system called layered communications or layer cooperation HTTP Request Browser Web App Trans Trans Int Int DL DL Phy Phy User PC Webserver

7 Layer Cooperation on the User PC
Encapsulation on the sending machine Embedding message received from upper layer in a new message HTTP request Application HTTP req. Encapsulation of HTTP request in data field of a TCP segment Transport HTTP req. TCP-H TCP segment Internet HTTP req. TCP-H IP-H IP Packet Data Link PPP-T HTTP req. TCP-H IP-H PPP-H Frame User PC Physical

8 Layer Cooperation on the Web server
De-encapsulation Other layers pass successive data fields (containing next-lower layer messages) up to the next-higher layer HTTP request HTTP req. Application TCP segment HTTP req. TCP-H Transport IP Packet HTTP req. TCP-H IP-H Internet Frame PPP-T HTTP req. TCP-H IP-H PPP-H Data Link Transmission media Webserver

9 IP Packet Bit 0 IP Version 4 Packet Bit 31 Version (4 bits) Header
0100 IP Version 4 Packet Bit 31 Version (4 bits) Header Length (4 bits) QoS (8 bits) Total Length (16 bits) Identification (16 bits) Flags Fragment Offset (13 bits) Time To Live (8 bits) Protocol (8 bits) 1=ICMP, 6=TCP,17=UDP Header Checksum (16 bits) Source IP Address (32 bits) Destination IP Address (32 bits) Options (if any) Padding Data Field QoS: Also called Type of Service, indicates the priority level the packet should have Identification tag: to help reconstruct the packet from several fragments Flags: indicates whether packet could be fragmented or not (DF: Don't fragment), indicates whether more fragments of a packet follow (MF: More Fragments or NF: No More Fragments) Fragment offset: identify which fragment this packet is attached to TTL: Indicates maximum number of hops (or routers) the packet could pass before a hop discards it. Header checksum: to check for errors in the headers only

10 Summary Questions (Part 1)
What is the main version of the Internet Protocol in use today? What is the other version? What does a router do with an IP packet if it decrements its TTL value to zero? Assume that a router received an IP packet with the Protocol in header set to 6. What Transport layer protocol is used in the message: TCP, UDP, or ICMP?

11 IP Fragmentation Subnet 1 Subnet 2 When a packet arrives at a router, the router selects the port and subnet to forward the packet to If packet too large for the subnet to handle, router fragments the packet; ie. Divides packet’s data field into fragments Gives each fragment same Identification tag value, i.e. the Identification tag of original packet First fragment is given Fragment Offset value of 0 Subsequent fragments get Fragment Offset values consistent with their data’s place in original packet Last fragment’s Flag is set to “No More Fragments” Destination host reassemble fragments based on the offsets. Identification (16 bits) Flags Fragment Offset (13 bits)

12 Firewalls and Fragmented IP Packet
Fragmentation makes it hard for firewalls to filter individual packets TCP or UDP header appears only in the first fragment Firewall might drop the first fragment, but not subsequent fragments Some firewalls drop all fragmented packets 2. Second Fragment 1. First Fragment Router TCP Data Field IP Header 4. TCP Data Field No TCP Header IP Header 5. Firewall Can Only Filter TCP Header in First Fragment Attacker 3. TCP Header Only in First Fragment

13 TCP Segment Bit 0 Bit 31 Source Port Number (16 bits)
Destination Port Number (16 bits) Sequence Number (32 bits) Acknowledgment Number (32 bits) Header Length (4 bits) Reserved (6 bits) Flag Fields: ACK, SYN,… (6 bits) Window Size (16 bits) TCP Checksum (16 bits) Urgent Pointer (16 bits) Data Port number: identifies sending and receiving application programs. Sequence number: Identifies segment’s place in the sequence. Allows receiving Transport layer to put arriving TCP segments in order. Acknowledgement number: identifies which segment is being acknowledged Flag fields: Six one-bit flags: ACK, SYN, FIN, RST, URG, PSH. Can be set to 0 (off) or 1 (on). e.g. SYN=1 means a request for connection/synchronization. Q: If the ACK flag is set to 1, what other field must also be set to allow the receiver know what TCP segment is being acknowledged?

14 2. SYN, ACK (1) (Acknowledgment of 1)
TCP and use of Flags Flag Fields (6 bits) ACK SYN FIN RST URG PSH TCP is a connection-oriented protocol Sender and receiver need to establish connection Sender and receiver need to agree to “talk” Flags are used for establishing connection Sender requests connection opening: SYN flag set to 1 If receiver is ready to “talk”, it responds by a SYN/ACK segment Sender acknowledges the acknowledgment If sender does not get ACK, it resends the segment PC Transport Process Webserver Transport Process 1. SYN (Open) 2. SYN, ACK (1) (Acknowledgment of 1) 3-way Handshake 3. ACK (2) Note: With connectionless protocols like UDP, there is no flags. Messages are just sent. If part of sent messages not received, there is no retransmission.

15 Communication during a normal TCP Session
FIGURE A-15: Q1: How many segments are sent in a normal TCP communication opening? ____ Q2: How many segments are sent in a normal TCP communication closing? ____ Note: At any time, either process can send a TCP RST (reset) segment with RST bit set to 1 to drop the connection (i.e. to abruptly end the connection).

16 SYN/ACK Probing Attack
1. Probe 2. No SYN (Open): Makes No Sense! SYN/ACK Segment IP Hdr RST Segment Attacker is Live! Victim 4. Source IP Addr= 3. Go Away! Sending SYN/ACK segments helps attackers locate “live” targets Older Windows OS could crash when they receive a SYN/ACK probe

17 TCP and use of Port numbers
Source Port Number (16 bits) Destination Port Number (16 bits) TCP and use of Port numbers Port Number identify applications Well-known ports (0-1023): used by major server applications for providing network services. HTTP web service=80, Telnet=23, FTP=21, SMTP =25 Registered ports ( ): Used by client and server applications. Developer must register # with IANA Ephemeral/dynamic/private ports ( ) Can’t be registered with IANA. For custom/temporary purpose. Web server applications www:80 FTP:21 SMTP:25 Operating System Computer hardware RAM chip Socket notation: IP address:Port # HD Processor

18 Summary Questions (Part 2)
A host sends a TCP segment with source port number 25 and destination port number Is the source host a server or a client? Why? If the host is a server, what kind of service does it provide? Is the destination host a server or a client ? Why?

19 TCP and Port spoofing Attackers set their application to use well-known port despite not being the service associated with the port Most companies set their firewall to accept packet to and from port 80 Attackers set their client program to use well-know port 80

20 Summary Questions (Part 4)
What is IP Fragmentation? Does IP fragmentation make it easier for firewall to filter incoming packets? Why? What is SYN/ACK probing attack? What kind of port numbers do major server applications, such as service, use? What kind of port numbers do client applications usually use? What is socket notation? What is port spoofing? How many well-known TCP ports are vulnerable to being scanned, exploited, or attacked?

Download ppt "TCP/IP Internetworking"

Similar presentations

CISCO NETWORKING ACADEMY Chabot College ELEC 99.05 Transport Layer (4)

CISCO NETWORKING ACADEMY Chabot College ELEC Transport Layer (4)
CCNA – Network Fundamentals

CCNA – Network Fundamentals
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 OSI Transport Layer Network Fundamentals – Chapter 4.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 OSI Transport Layer Network Fundamentals – Chapter 4.
Intermediate TCP/IP TCP Operation.

Intermediate TCP/IP TCP Operation.
Introduction1-1 message segment datagram frame source application transport network link physical HtHt HnHn HlHl M HtHt HnHn M HtHt M M destination application.

Introduction1-1 message segment datagram frame source application transport network link physical HtHt HnHn HlHl M HtHt HnHn M HtHt M M destination application.
UDP & TCP Where would we be without them!. UDP User Datagram Protocol.

UDP & TCP Where would we be without them!. UDP User Datagram Protocol.
Instructor: Sam Nanavaty TCP/IP protocol. Instructor: Sam Nanavaty Version – Allows for the evolution of the protocol IHL (Internet header length) – Length.

Instructor: Sam Nanavaty TCP/IP protocol. Instructor: Sam Nanavaty Version – Allows for the evolution of the protocol IHL (Internet header length) – Length.
CS3505 The Internet and Info Hiway transport layer protocols : TCP/UDP.

CS3505 The Internet and Info Hiway transport layer protocols : TCP/UDP.
Lecture # 14 TCP/IP - UDP Computer Communication & Networks.

Lecture # 14 TCP/IP - UDP Computer Communication & Networks.
Chapter 7 – Transport Layer Protocols

Chapter 7 – Transport Layer Protocols
TELE202 Lecture 14 TCP/UDP (2) 1 Lecturer Dr Z. Huang Overview ¥Last Lecture »TCP/UDP (1) »Source: chapter 17 ¥This Lecture »TCP/UDP (2) »Source: chapter.

TELE202 Lecture 14 TCP/UDP (2) 1 Lecturer Dr Z. Huang Overview ¥Last Lecture »TCP/UDP (1) »Source: chapter 17 ¥This Lecture »TCP/UDP (2) »Source: chapter.
Module A.  This is a module that some teachers will cover while others will not  This module is a refresher on networking concepts, which are important.

Module A.  This is a module that some teachers will cover while others will not  This module is a refresher on networking concepts, which are important.
TCP/IP Network and Firewall. IP Packet Protocol  1 ICMP packet  6 TCP packet  17 UDP packet.

TCP/IP Network and Firewall. IP Packet Protocol  1 ICMP packet  6 TCP packet  17 UDP packet.
1 TCP/IP Internetworking (February 1, 2012) © Abdou Illia – Spring 2012.

1 TCP/IP Internetworking (February 1, 2012) © Abdou Illia – Spring 2012.
CSEE W4140 Networking Laboratory Lecture 6: TCP and UDP Jong Yul Kim 03.01.2010.

CSEE W4140 Networking Laboratory Lecture 6: TCP and UDP Jong Yul Kim
Institute of Technology Sligo - Dept of Computing Semester 2 Chapter 9 The TCP/IP Protocol Suite Paul Flynn.

Institute of Technology Sligo - Dept of Computing Semester 2 Chapter 9 The TCP/IP Protocol Suite Paul Flynn.
Chapter 2 Networking Overview. Figure 2.1 Generic protocol layers move data between systems.

Chapter 2 Networking Overview. Figure 2.1 Generic protocol layers move data between systems.
Transport Layer TCP and UDP IS250 Spring 2010

Transport Layer TCP and UDP IS250 Spring 2010
Gursharan Singh Tatla Transport Layer 16-May-2011 1

Gursharan Singh Tatla Transport Layer 16-May
Process-to-Process Delivery:

Process-to-Process Delivery:

Similar presentations

Ads by Google